I have configured HTTPS in JBoss EAP 7.2 and it works as expected. But the problem comes when I deploy my application, where picketlink is enabled to do SAML authentication with the OKTA IDP: I am not able to access my application with https. Here is the configuration I have done.
standalone-full.xml
Enabled picketlink module
<extension module="org.wildfly.extension.picketlink"/>
Added listener for https
<https-listener name="https" socket-binding="https" max-parameters="10000" security-realm="ApplicationRealm" enable-http2="true"/>
SSL configuration
<security-realm name="ApplicationRealm">
    <server-identities>
        <ssl>
            <keystore path="mykeystore.jks" relative-to="jboss.server.config.dir" keystore-password="123456" alias="myalias" key-password="123456" generate-self-signed-certificate-host="myhostname"/>
        </ssl>
    </server-identities>
    ...
SAML login module
<security-domain name="sp" cache-type="default">
    <authentication>
        <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule" flag="required"/>
    </authentication>
    <audit>
        <provider-module code="org.picketlink.identity.federation.core.audit.PicketLinkAuditProvider"/>
    </audit>
</security-domain>
And finally, the port for HTTPS
<socket-binding name="https" port="${jboss.https.port:8443}"/>
HTTPS is working with the above configuration; so far, fine and no issues.
When I try to access myapp, I am not able to reach it with https but am able to with http.
Here is the configuration that is done inside the app for picketlink.
jboss-deployment-structure.xml
<jboss-deployment-structure
    xmlns="urn:jboss:deployment-structure:1.1">
    <deployment>
        <dependencies>
            <module name="org.apache.xalan" />
            <module name="org.picketlink" services="import" />
        </dependencies>
    </deployment>
</jboss-deployment-structure>
jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>sp</security-domain>
    <jacc-star-role-allow>true</jacc-star-role-allow>
</jboss-web>
picketlink.xml
<PicketLink
    xmlns="urn:picketlink:identity-federation:config:2.1"
    EnableAudit="true">
    <PicketLinkSP
        xmlns="urn:picketlink:identity-federation:config:1.0"
        ServerEnvironment="tomcat" BindingType="POST"
        SupportsSignatures="false">
        <IdentityURL>https://myokta.okta.com/app/dev-74710301_myapp_1/exk8j8nrz12ng4R6m5d7/sso/saml
        </IdentityURL>
        <ServiceURL>https://myhostname:8443/myapp</ServiceURL>
        <Trust>
            <Domains>dev-74710301-admin.okta.com, okta.com, l4wyf9k3</Domains>
        </Trust>
    </PicketLinkSP>
    <Handlers
        xmlns="urn:picketlink:identity-federation:handler:config:2.1">
        <Handler
            class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
        <Handler
            class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
        <Handler
            class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
        <Handler
            class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler" />
        <Handler
            class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler" />
    </Handlers>
</PicketLink>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<!-- This is the web.xml that will be used by the default - Browser internal
     - configuration -->
<web-app id="myapp">
    <security-role>
        <role-name>*</role-name>
    </security-role>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>myapp</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/jsps/formLogin.jsp</form-login-page>
            <form-error-page>/jsps/formError.jsp</form-error-page>
        </form-login-config>
    </login-config>
</web-app>
There are no error/warn logs in the application server or in my application. Can someone please help with this? Thanks.
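A small consistency check for the SP side of a picketlink.xml, added here as an illustration and not taken from the question, from PicketLink or from Okta. It reads a constructed sample file with placeholder hostnames (idp.example.com, sp.example.com) shaped like the one above and flags the mismatches that silently break an HTTPS-only SAML SP: a ServiceURL that is not https, a ServiceURL port that differs from the https socket-binding port, an IdentityURL host not covered by Trust/Domains, and a signature validation handler listed while SupportsSignatures is "false". The suffix-style domain match and the reading that SupportsSignatures="false" makes the validation handler a no-op are this example's assumptions, not something the question states.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample picketlink.xml; it mirrors the structure of the one in the
# question but uses placeholder hostnames and paths, not real values.
SAMPLE_PICKETLINK_XML = """<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1" EnableAudit="true">
  <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:1.0"
                ServerEnvironment="tomcat" BindingType="POST" SupportsSignatures="false">
    <IdentityURL>https://idp.example.com/app/example/sso/saml</IdentityURL>
    <ServiceURL>https://sp.example.com:8443/myapp</ServiceURL>
    <Trust>
      <Domains>idp.example.com, example.com</Domains>
    </Trust>
  </PicketLinkSP>
  <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"/>
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler"/>
  </Handlers>
</PicketLink>"""

SP_NS = "{urn:picketlink:identity-federation:config:1.0}"
HANDLER_NS = "{urn:picketlink:identity-federation:handler:config:2.1}"
SIG_VALIDATION_HANDLER = (
    "org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler"
)


def host_is_trusted(host, domains):
    """Suffix match of the IdP host against Trust/Domains. Assumption: PicketLink's
    own matching may differ; this is a sanity check on the configuration only."""
    return any(host == d or host.endswith("." + d) for d in domains)


def check_sp_config(xml_text, https_port=8443):
    """Return a list of findings for the PicketLinkSP block (empty = nothing to flag).
    https_port is the port the https-listener's socket-binding uses."""
    findings = []
    root = ET.fromstring(xml_text)
    sp = root.find(SP_NS + "PicketLinkSP")
    if sp is None:
        return ["no PicketLinkSP element found"]

    service_url = urlsplit((sp.findtext(SP_NS + "ServiceURL") or "").strip())
    identity_url = urlsplit((sp.findtext(SP_NS + "IdentityURL") or "").strip())
    domains_text = sp.findtext(SP_NS + "Trust/" + SP_NS + "Domains") or ""
    domains = [d.strip() for d in domains_text.split(",") if d.strip()]

    # 1. The SP must advertise an https ServiceURL, otherwise the IdP posts the
    #    assertion back to a cleartext endpoint.
    if service_url.scheme != "https":
        findings.append("ServiceURL scheme is %r, expected https" % service_url.scheme)

    # 2. The port in ServiceURL has to be the one the https-listener binds to;
    #    a mismatch means the IdP's POST never reaches the SP over TLS.
    sp_port = service_url.port or (443 if service_url.scheme == "https" else 80)
    if sp_port != https_port:
        findings.append(
            "ServiceURL port %d does not match https socket-binding port %d" % (sp_port, https_port)
        )

    # 3. The IdP host must be covered by Trust/Domains or responses from it
    #    are rejected as coming from an untrusted issuer.
    if not host_is_trusted(identity_url.hostname or "", domains):
        findings.append(
            "IdentityURL host %r is not covered by Trust/Domains %r" % (identity_url.hostname, domains)
        )

    # 4. Listing SAML2SignatureValidationHandler while SupportsSignatures is
    #    "false" gives no protection (assumption: the flag gates the handler).
    handler_classes = {h.get("class") for h in root.iter(HANDLER_NS + "Handler")}
    supports_sig = sp.get("SupportsSignatures", "false").strip().lower() == "true"
    if not supports_sig and SIG_VALIDATION_HANDLER in handler_classes:
        findings.append(
            'SAML2SignatureValidationHandler is listed but SupportsSignatures="false"; '
            "IdP responses are not signature-checked"
        )
    return findings


if __name__ == "__main__":
    for finding in check_sp_config(SAMPLE_PICKETLINK_XML):
        print("-", finding)
```

Run it against the real file by passing its contents and the port from `<socket-binding name="https" .../>`; the only finding on the sample is the SupportsSignatures one, which is worth reviewing on its own since a POST-binding SP that does not verify IdP signatures accepts any well-formed response.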